智能体安全管家

The skill functions as a security auditor but performs high-risk data collection, including hardware identifiers (MAC address), hostnames, system logs, and process environment variables via /proc/pid/environ. It also scans the workspace for sensitive patterns like private keys and mnemonics. While the SKILL.md file includes a strict prompt-injection-resistant consent flow requiring the user to acknowledge privacy risks before data is exfiltrated to auth.ctct.cn, the depth of system fingerprinting and the creation of a persistent agent_id are characteristic of telemetry/spyware. The core logic is contained in openclaw-hybrid-audit-changeway.js, which uses a whitelist for command execution but maintains broad read access to sensitive system areas.